commit: 3248afdd3fdb0a73aec52c2c3502be0b1748b48f
parent fcfcff335b0f7738945186057c41a8928b45920d
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sat, 11 Mar 2023 10:48:17 +0100
articles/cve.org-disaster: Migrate to Atom fragment
Diffstat:
6 files changed, 93 insertions(+), 25 deletions(-)
diff --git a/articles/cve.org-disaster.html b/articles/cve.org-disaster.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xi="http://www.w3.org/2001/XInclude" xml:lang="en" lang="en">
+ <head>
+ <meta charset="utf-8"/><link rel="stylesheet" type="text/css" href="/css/index.css?serial=2023020902"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="vcs-git" href="https://gitlab.com/lanodan/blog.git" title="gitlab"/><link rel="icon" type="text/css" href="/images/favicon.png?serial=2020111201"/><meta property="og:image" content="/images/avatar.png?serial=2020111201"/>
+ <title>The new CVE.org website is a security disaster so I made my own - lanodan's cyber-home</title>
+ </head>
+ <body>
+
+ <header>Sorry, I do not value($$$) your privacy. :^) — <a href="/privacy%20policy">Privacy Policy</a></header>
+ <nav><details open="">
+ <summary>Links</summary>
+ <ul>
+ <li><a href="/home">Home</a></li>
+ <li><a href="/about">About</a></li>
+ <li><a href="/projects/">Software Projects</a></li>
+ <li><a href="/animelist">Anime List</a></li>
+ <li><a href="/mangalist">Manga List</a></li>
+ <li><a href="/bookmarks">Bookmarks</a></li>
+ <li><a href="/coding%20style">coding style</a></li>
+ <li><a href="/decreases%20of%20usability">Decreases of usability</a></li>
+ <li><a href="/software%20basic%20needs">Software basic requirements</a></li>
+ <li><a href="/recaptcha">Google ReCaptcha</a></li>
+ <li><a href="/git/">/git/</a></li>
+ <li><a href="/kopimi/">/kopimi/</a>: libre data</li>
+ <li><a href="/librism">Désintox’ / FOSS activism</a></li>
+ <li><a href="/notes/">/notes/</a></li>
+ <li><a href="/standards">standards</a>: opinions on them</li>
+ </ul>
+ <ul>
+ <li><a rel="alternate" type="application/atom+xml" href="https://hacktivis.me/feed.atom">Atom feed</a></li>
+ <li><a href="gemini://hacktivis.me/">gemini-space</a></li>
+ <li><a href="https://lanodan.eu/home">Resume</a></li>
+ </ul>
+ </details></nav>
+
+ <article>
+ <div xml:lang="en">
+<a href="/articles/cve.org-disaster"><h1>The new CVE.org website is a security disaster so I made my own</h1></a>
+<p>
+ <code>cve.mitre.org</code>, the <a href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures">CVE</a> database website I was using instead of NIST's website to avoid a bit of JavaScript started showing <q>NOTICE: CVE website transitioning to new “CVE.ORG” web address. Process to begin in late September 2021 and last one year. (<a href="http://cve.mitre.org/news/archives/2021/news.html#September022021_CVE_Website_Transitioning_to_New_Web_Address_-_CVE.ORG">details</a>)</q> some time ago and I actually tried cve.org few times only to be welcomed by an apprently blank page, fine sure, not deployed yet I guessed. I couldn't be more wrong, I got a more curious look at it today and I noticed it requires JavaScript and by JavaScript I mean an epic disaster.<br/>
+ I mean, just look at <a href="https://github.com/CVEProject/cve-website/pulls?q=is%3Apr+security">the security-related Pull Requests on it's github repo</a>.
+</p>
+<p>
+ And even if there wasn't security issues in their new website, requiring Automatic & Unverified Remote Code to be executed on people's machine for getting security information? What is wrong with you? Do I need to make you assign a <abbr title="Common Vulnerability Scoring System">CVSS</abbr> on this thing?
+</p>
+<p>
+ As I'd rather not sit idly while this shit seems to be coming, I made <a href="https://hacktivis.me/git/cve-client/">cve-client</a>, a simple script in almost dependency-less perl. It takes a CVE-ID, fetches the JSON for it from their API (haven't found a documentation for it btw) and renders it to plain-text but also Gemtext, the format used by the <a href="https://gemini.circumlunar.space/">Gemini protocol</a>, this way I could make it available for others without having to use my code and they very likely aren't going to receive malware in the process.<br/>
+ I made the gemini interface available at <a href="gemini://hacktivis.me/cgi-bin/cve">gemini://hacktivis.me/cgi-bin/cve</a>, feel free to make copies<br/>
+ I will maybe make an HTTP version of this at some point so it doesn't only runs on my own disaster-looking gemini-server (stunnel + shell script), which I still have much more confidence in than most of the web.
+</p>
+</div>
+ <p>
+ <a href="https://queer.hacktivis.me/objects/cc3a9571-23ae-4c0a-9067-bd2c49133271" rel="replies external">Fediverse post for comments</a>, published on 2021-10-02T21:26:57Z, last updated on 2021-10-02T21:26:57Z
+ </p>
+ </article>
+ <footer>
+ <a href="http://endsoftpatents.org/innovating-without-patents"><img loading="lazy" src="/images/patent_free.png?serial=2020111201" alt="Patent Free"/></a>
+ <a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img loading="lazy" alt="CC-BY-SA" src="/images/cc-by-sa.png?serial=2020111201"/></a>
+ <a href="/anybrowser"><img loading="lazy" src="/images/anybrowser.png?serial=2020111201" alt="Anybrowser campaign"/></a>
+ <a href="http://tstzmgqansvqfzr3qrkehszmlhjqbpqp7pwncrzr72ohyygrnbuu26qd.onion/">.onion</a>
+ <a href="/privacy%20policy">Privacy Policy</a>(2019-11-27)
+ This webthing agrees that <a href="https://simpleweb.iscute.ovh/">simple web is cute</a>~ ♥
+ </footer>
+ </body>
+</html>
diff --git a/articles/cve.org-disaster.shtml b/articles/cve.org-disaster.shtml
@@ -1,15 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
- <head>
-<!--#include file="/templates/head.shtml" -->
- <meta property="og:type" content="article"/>
- <meta property="og:title" content="The new CVE.org website is a security disaster so I made my own"/>
- <title>The new CVE.org website is a security disaster so I made my own — Cyber-home of lanodan</title>
- </head>
- <body>
-<!--#include file="/templates/en/nav.shtml" -->
-<!--#include file="/articles/cve.org-disaster.xhtml"-->
- <a href="/articles/cve.org-disaster.xhtml">article only(plain XHTML)</a>
-<!--#include file="/templates/en/footer.shtml" -->
- </body>
-</html>
diff --git a/articles/cve.org-disaster.xhtml b/articles/cve.org-disaster.xhtml
diff --git a/articles/cve.org-disaster.xml b/articles/cve.org-disaster.xml
@@ -0,0 +1,26 @@
+<entry>
+<title>The new CVE.org website is a security disaster so I made my own</title>
+<link rel="alternate" type="text/html" href="/articles/cve.org-disaster"/>
+<id>https://hacktivis.me/articles/cve.org-disaster</id>
+<published>2021-10-02T21:26:57Z</published>
+<updated>2021-10-02T21:26:57Z</updated>
+<link rel="external replies" type="application/activity+json" href="https://queer.hacktivis.me/objects/cc3a9571-23ae-4c0a-9067-bd2c49133271" />
+<link rel="external replies" type="text/html" href="https://queer.hacktivis.me/objects/cc3a9571-23ae-4c0a-9067-bd2c49133271" />
+<content type="xhtml">
+<div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<a href="/articles/cve.org-disaster"><h1>The new CVE.org website is a security disaster so I made my own</h1></a>
+<p>
+ <code>cve.mitre.org</code>, the <a href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures">CVE</a> database website I was using instead of NIST's website to avoid a bit of JavaScript started showing <q>NOTICE: CVE website transitioning to new “CVE.ORG” web address. Process to begin in late September 2021 and last one year. (<a href="http://cve.mitre.org/news/archives/2021/news.html#September022021_CVE_Website_Transitioning_to_New_Web_Address_-_CVE.ORG">details</a>)</q> some time ago and I actually tried cve.org few times only to be welcomed by an apprently blank page, fine sure, not deployed yet I guessed. I couldn't be more wrong, I got a more curious look at it today and I noticed it requires JavaScript and by JavaScript I mean an epic disaster.<br />
+ I mean, just look at <a href="https://github.com/CVEProject/cve-website/pulls?q=is%3Apr+security">the security-related Pull Requests on it's github repo</a>.
+</p>
+<p>
+ And even if there wasn't security issues in their new website, requiring Automatic & Unverified Remote Code to be executed on people's machine for getting security information? What is wrong with you? Do I need to make you assign a <abbr title="Common Vulnerability Scoring System">CVSS</abbr> on this thing?
+</p>
+<p>
+ As I'd rather not sit idly while this shit seems to be coming, I made <a href="https://hacktivis.me/git/cve-client/">cve-client</a>, a simple script in almost dependency-less perl. It takes a CVE-ID, fetches the JSON for it from their API (haven't found a documentation for it btw) and renders it to plain-text but also Gemtext, the format used by the <a href="https://gemini.circumlunar.space/">Gemini protocol</a>, this way I could make it available for others without having to use my code and they very likely aren't going to receive malware in the process.<br />
+ I made the gemini interface available at <a href="gemini://hacktivis.me/cgi-bin/cve">gemini://hacktivis.me/cgi-bin/cve</a>, feel free to make copies<br />
+ I will maybe make an HTTP version of this at some point so it doesn't only runs on my own disaster-looking gemini-server (stunnel + shell script), which I still have much more confidence in than most of the web.
+</p>
+</div>
+</content>
+</entry>
diff --git a/config.ninja b/config.ninja
@@ -10,3 +10,4 @@ build bookmarks.xsl: xinclude bookmarks.xsl.in | ./templates/head.xml ./template
build bookmarks.html: xslt bookmarks.xsl bookmarks.xbel
build articles/2022$ Summary.html: article entry.xsl articles/2022$ Summary.xml
build articles/Why$ I$ embraced$ Wayland.html: article entry.xsl articles/Why$ I$ embraced$ Wayland.xml
+build articles/cve.org-disaster.html: article entry.xsl articles/cve.org-disaster.xml
diff --git a/feed.atom b/feed.atom
@@ -23,16 +23,7 @@
</div></content>
</entry>
- <entry>
- <title>The new CVE.org website is a security disaster so I made my own</title>
- <link rel="alternate" type="text/html" href="/articles/cve.org-disaster"/>
- <id>https://hacktivis.me/articles/cve.org-disaster</id>
- <published>2021-10-02T21:26:57Z</published>
- <updated>2021-10-02T21:26:57Z</updated>
- <content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-<!--#include file="/articles/cve.org-disaster.xhtml"-->
- </div></content>
- </entry>
+<!--#include file="/articles/cve.org-disaster.xml"-->
<entry>
<title>(Semi-)Automatic opening of Files</title>
